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DETAILED ACTION 

1 . Claims 1-25 are examined. 

Claim Rejections - 35 USC § 101 

2. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

Claims 1-25 are rejected under 35 U.S.C. 101 for failing to have concrete and tangible result. 
According to the disclosure of the invention, the process of human visual system having "gestalt effect" 
(Par. [0016] and [0042]) detects password characters that are "displayed at a visibly detectable higher 
frequency". This is directed to an abstract idea; thus rendering the claimed invention not having concrete 
and tangible result. 

Claims 1, 10 and 19 are rejected under 35 U.S.C. 101 because the claimed invention is directed 
to non-statutory subject matter. According to the disclosure of the invention, frequency rate is used to 
change the stream of characters to be displayed (e.g., Par. [0018]). And, the independent claims 1,10 
and 19 recite the limitation "higher frequency"; thus the claims do not constitute statutory subject matter. 

Claim 19 is rejected under 35 U.S.C. 101 because the claimed invention recite the limitations "a 
computer product, residing on a computer readable medium..." and "means for displaying..." 
These limitations recite process and apparatus claims respectively, which belong to different statutory 
category. 

Claims 1 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non- 
statutory subject matter. Claim 1 recite computer program, which are not tangibly embodied on an 
appropriate computer-readable storage medium; thus the claims do not constitute statutory subject 
matter. 

Claims 2-9, 11-18 and 20-25 directed to non-statutory subject matter, since they. depend on the 
preceding respective claims and have all the limitations of their independent claims. 

Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 
rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 
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Claims 1-5, 8, 10-14, 17 and 19-24 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Goal et al. (Pub. No.: US 2004/0168068 A1, applicant's admitted prior art), referred as "Goaf 
hereinafter and further in view of 'Hypponen" (Pub No.: 2005/0044425 A1 ). 

4. As per claim 1. Goal discloses, 

A method for secure password entry, comprising: (Par. [00002], lines 1-3, "the present 
invention relates in general to data processing system security, and in particular to a method and system 
for automatic password generation"). 

- changing stream of random characters, wherein a particular character within said 
changing stream of random characters is displayed at a visibly detectable higher frequency; 
(abstract, lines 10-12, "randomly generated characters of identical nature are then assigned to each 
position within the password to create a new password") and ("Par. [0029], lines 1-4, "next, an analysis is 
performed of each character within the multiple character passwords for a target data processing system 
to determine the nature of the character at a particular string position"). 

Goal does not explicitly disclose, 

- displaying a password prompt and receiving input to increment or decrement said 
particular character to reach a password character of a password 

However, in the same filed of endeavor, Hypponen disclose the above limitation as, (Par. [0035], 
lines 2-4, "there is provided a method of generating or entering a password or a passphrase or encryption 
key on a computer system"). Hypponen further disclose, (Par. [0037], "selecting at least one value from 
each stored set or from each of the plurality of the stored sets;") which include inherent password 
displaying means; and (Par. [0038], "combining the selected values or components thereof to form a 
password, passphrase, or encryption key"). 

Therefore, it would have been obvious to one of ordinary skill in the art, at the time the invention 
was made, to combine the teachings of Hypponen into the method of Goal, because one of ordinary skill 
in the art would want to speed the password entry process (see Hypponen Par. [0034]). 

5. As per claim 2. claim 1 is incorporated and further Goal discloses, 

- displaying a plurality of character positions, wherein a stream of random characters is 
displayed in each of said plurality of character positions, wherein a particular position from 
among said plurality of character positions provides said password prompt (Par. [11], lines 10-14, 
"randomly generated characters of identical nature are then assigned to each position within the 
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password sting to create a new password, which will comply with the specified rules for a particular target 
system"). 



6. As per claim 3. Goal does not disclose, 

- adjusting which character position from among said plurality of character positions 
provides said password prompt 

However, Hypponen discloses, (Par. [0040], lines 6-14, "in one embodiment, the interface 
comprises a graphically displayed slider, thumb wheel or the like, which can be operated by the user with 
a joystick, roller or another input device to scroll through the values of each domain in order to select a 
value for that domain. More preferably, for each position of the slider or wheel, the value corresponding to 
that position (or an element mapped to the value) is displayed to provide visual feedback to the user"). 

Therefore, it would have been obvious to one of ordinary skill in the art, at the time the invention 
was made, to combine the teachings of Hypponen into the method of Goal, because one of ordinary skill 
in the art would want to make memorization of password characters easy for users (see Hypponen Par. 
[0032]). 

7. As per claim 4, Goal discloses, 

- adjusting a number of said plurality of character positions (Par. [0027], lines 4-9, "as 
depicted, table 70 includes two rows, 72 and 74. Row 72 is utilized to designate each string position 
within a multi-character password string. As depicted, any number of characters may be accommodated 
by simply providing a table of sufficient dimension"). 

8. As per claims 5. Goal discloses, 

- responsive to receiving input of a password completion character indicating that said 
password is complete, securely passing said password to a requesting software layer (FIG. 4 and 
Par. [0037], "referring again to block 98, in the event the newly created password has been rejected by 
the target data process system 'N' times, the process passes from block 98 to block 100. Block 100 
illustrates the generation of an alert to the user of the data processing system so that a password may be 
manually generated and submitted prior to the target data processing system prohibiting further accesses 
by this user. Thereafter, or after the password has been accepted by the target data processing system, 
the process passes to block 102 and returns"). 
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9. As per claim 8. Goal discloses, 

- generating said stream of random characters, wherein said particular character is 
randomly selected (Par. [0011], lines 10-14, "randomly generated characters of identical nature are then 
assigned to each position within the password sting to create a new password, which will comply with the 
specified rules for a particular target system"). 

10. As per claims 10 and 19. rejection of claim 1 is applied; and further Goal discloses, 

- a data processing system for controlling a display interface; and a computer program 
product, residing on a computer readable medium (Par. [0013], "FIG. 1 is a schematic representation 
of a plurality of data processing systems linked together over a network, within which the method and 
system of the present invention may find application"); and ("FIG. 2 & Par. [0023], lines 16-18, 
"communication interface 40 provides a means by which data processing system 10 may interface a 
network such as Internet 20"). 

Goal does not explicitly disclose, 

- means for displaying a password prompt and means for receiving input to increment or 
decrement said particular character to reach a password character of a password 

However, Hypponen disclose, (Par. [0035], lines 2-4, "there is provided a method of generating or 
entering a password or a passphrase or encryption key on a computer system"). Hypponen further 
disclose, (Par. [0037], "selecting at least one value from each stored set or from each of the plurality of 
the stored sets"); which include inherent means for password displaying and receiving input. 

11. As per claims 11-14 and 20-23. 

These claims recite means for the respective methods of claims 2-5. Since claims 2-5 implicitly 
contain a means for the methods, the claims are rejected for the same reason set forth for rejection of 
claims 2-5 above and further Goal disclose: 

- means for displaying a plurality of character positions, wherein a stream of random 
characters is displayed in each of said plurality of character positions, wherein a particular 
position from among said plurality of character positions provides said password prompt (Par. 
[11], lines 10-14, "randomly generated characters of identical nature are then assigned to each position 
within the password sting to create a new password, which will comply with the specified rules for a 
particular target system"); which include inherent means for displaying plurality of character positions. 

- means for adjusting a number of said plurality of character positions (Par. [0027], lines 4- 
9, "as depicted, table 70 includes two rows, 72 and 74. Row 72 is utilized to designate each string 
position within a multi-character password string. As depicted, any number of characters may be 
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accommodated by simply providing a table of sufficient dimension"); which include inherent means for 
adjusting a number of plurality character positions. 

- means, responsive to receiving input of a password completion character indicating that 
said password is complete, for securely passing said password to a requesting software layer 
(FIG. 4 and Par. [0037], "referring again to block 98, in the event the newly created password has been 
rejected by the target data process system 'N' times, the process passes from block 98 to block 100. 
Block 100 illustrates the generation of an alert to the user of the data processing system so that a 
password may be manually generated and submitted prior to the target data processing system 
prohibiting further accesses by this user. Thereafter, or after the password has been accepted by the 
target data processing system, the process passes to block 102 and returns"); which include inherent 
means for securely passing password. 

Goal does not disclose, 

- means for adjusting which character position from among said plurality of character 
positions provides said password prompt 

However, Hypponen discloses, (Par. [0040], lines 6-14, "in one embodiment, the interface 
comprises a graphically displayed slider, thumb wheel or the like, which can be operated by the user with 
a joystick, roller or another input device to scroll through the values of each domain in order to select a 
value for that domain. More preferably, for each position of the slider or wheel, the value corresponding to 
that position (or an element mapped to the value) is displayed to provide visual feedback to the user"); 
which include inherent means for adjusting character position for prompt. 

12. As per claims 17 and 24, 

These claims recite means for the method of claim 8. Since claim 8 implicitly contains a means 
for the method, claims 1 7 and 24 are rejected for the same reason set forth for rejection of claim 8 above 
and Goal further disclose: 

- means for generating said stream of random characters, wherein said particular 
character is randomly selected (Par. [0011], lines 10-14, "randomly generated characters of identical 
nature are then assigned to each position within the password sting to create a new password, which will 
comply with the specified rules for a particular target system"); which include inherent means for 
generating stream of characters randomly. 

Claims 6-7, 9, 15-16, 18 and 25 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Goal and further in view of Hypponen and further in view of Ganesan et al. (US Pat No.: 5,394,471 ), 
referred as u Ganesan" hereinafter. 
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13. As per claims 6. neither Goal nor Hypponen explicitly disclose, 

- responsive to receiving a request for a password from a software layer within a data 
processing system, invoking a password entry controller from within said data processing 
system, wherein said password entry controller controls said displaying said password prompt 
and said receiving input to increment or decrement said particular character 

However; in the same field of endeavor, Ganesan disclose the above limitation, (FIG. 4 & column 
10, lines 25-28 and 37-41, "in one embodiment of the password test system of the present invention, a 
user password is selected and input through user input device 1 10 to the local processing unit 106 for 
verification via interface 124;") and ("if the new password falls within the threshold value which is also 
which is also retrieved from storage device 104, it is validated by processing unit 106 and notified to the 
user input device 110 from which the password was identified"). 

Therefore, it would have been obvious to one of ordinary skill in the art, at the time the invention 
was made, to combine the teachings of Ganesan into the method of Goal and Hypponene, because one 
of ordinary skill in the art would want to test the validity of password in a network system (see Ganesan 
column 10, lines 46-49). 

14. As per claim 7, rejection of claim 6 above is incorporated. 
Neither Goal nor Hypponen explicitly disclose, 

- responsive to receiving, at a client system, a request for a password entry from a server 
system from which said client system is attempting to access a resource, invoking a password 
entry controller from within said data processing system, wherein said password entry controller 
controls said displaying said password prompt and said receiving input to increment or 
decrement said particular character 

However, Ganesan disclose the above limitation, (column 10, lines 50-53 and 64-68, "user 
passwords are selected and input through user input device 1 10 via local processing unit 106 to network 
processing unit via the applicable interfaces and LAN link;") and ("if the new password falls within the 
validity threshold value retrieved by processing unit 112 from, storage device 108, it is validated by 
processor 112 and notified to the user input device 1 10 or 1 14 from which the password was identified via 
the applicable communication link"). 

15. As per claim 9. neither Goal nor Hypponen explicitly disclose, 

- adjusting a frequency percentage at which said particular character is displayed in said 
stream of random characters 



Application/Control Number: 10/849,610 



Art Unit: 2109 



Page 8 



However, Ganesan discloses the above limitation as, (column 5, lines 44-48, "the first processor 
preferably includes the capability to adjust the frequency of occurrence of any bad password character 
which is computed to b e less than or equal to five"). 

Therefore, it would have been obvious to one of ordinary skill in the art, at the time the invention 
was made, to combine the teachings of Ganesan into the methods of Goal and Hypponen, because one 
of ordinary skill in the art would want to identify characters of the bad password (see Ganesan column 4, 
lines 20-35). 

16. As per claims 15 and 16. 

These claims recite means for the methods of claim 6 and 7. Since claims 6 and 7 implicitly 
contain a means for the methods, the claims are rejected for the same reason set forth for rejection of 
claims 6 and 7 above. 

Neither Goal nor Hypponen explicitly disclose, 

- means, responsive to receiving a request for a password from a software layer within a 
data processing system, for invoking said password entry controller 

However, in the same field of endeavor, Ganesan disclose the above limitation, (FIG. 4 & column 
10, lines 25-28 and 37-41, "in one embodiment of the password test system of the present invention, a 
user password is selected and input through user input device 1 10 to the local processing unit 106 for 
verification via interface 124;") and ("if the new password falls within the threshold value which is also 
which is also retrieved from storage device 104, it is validated by processing unit 106 and notified to the 
user input device 1 10 from which the password was identified"); which include inherent means for 
invoking the password entry controller. 

- means, responsive to receiving a request for a password entry from a server system from 
which said client system is attempting to access a resource, for invoking a password entry 
controller 

However, Ganesan disclose the above limitation, (column 10, lines 50-53 and 64-68, "user 
passwords are selected and input through user input device 1 10 via local processing unit 106 to network 
processing unit via the applicable interfaces and LAN link;") and ("if the new password falls within the 
validity threshold value retrieved by processing unit 1 12 from storage device 108, it is validated by 
processor 112 and notified to the user input device 110 or 114 from which the password was identified via 
the applicable communication link") ; which include inherent means for invoking the password entry 
controller. 
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17. As per claims 18 and 25. 

These claims recite means for the method of claim 8. Since claim 9 implicitly contains a means 
for the method, the claims are rejected for the same reason set forth for rejection of claim 9 above. 

Neither Goal or Hypponen disclose, 

- means for adjusting a frequency percentage at which said particular character is 
displayed in said stream of random characters 

However, Ganesan discloses the above limitation as, (column 5, lines 44-48, "the first processor 
preferably includes the capability to adjust the frequency of occurrence of any bad password character 
which is computed to b e less than or equal to five"); which include inherent means for adjusting a 
frequency percentage. 

18. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
(See PTO-892). 

19. Any inquiry concerning this communication or earlier communications from the examiner should 
be directed to Amare F. Tabor whose telephone number is (571) 270-3155. The examiner can normally 
be reached on Mon-Fri 7:30a.m. to 5:00p.m., EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Chameli Das can be reached on (571) 272-3696. The fax phone number for the organization where this 
application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be obtained from 
either Private PAIR or Public PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) 
at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative 
or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272- 
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